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Novell Storage Manager 3.0.1 for eDirectory Action Object Reference Guide 


About This Guide 


This reference guide is written to provide network administrators comprehensive information for 
understanding and using the new Action Objects that were introduced in Novell Storage Manager 
3.0.1 for eDirectory. 


+ Chapter 1, “Overview,” on page 9 

¢ Chapter 2, “Setting Up,” on page 11 

+ Chapter 3, “Using Action Objects,” on page 13 
+ Chapter 4, “Processing States,” on page 19 

+ Chapter 5, “Usage Examples,” on page 21 

+ Chapter 6, “Actions Reference,” on page 35 

+ Chapter 7, “Schema Extensions,” on page 57 


+ Chapter 8, “Release Notes,” on page 59 


Audience 


This manual is intended for network administrators who manage user and collaborative storage 
through Novell Storage Manager 3.0.1 for eDirectory. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comment feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 


Documentation Updates 


For the most recent version of the Novell Storage Manager 3.0.1 for eDirectory Action Object 
Reference Guide, visit the Novell Storage Manager Documentation Web site (http:// 
www.novell.com/documentation/storagemanager3/). 


Additional Documentation 


For additional Novell Storage Manager documentation, see the following guides at the Novell 
Storage Manager Documentation Web site (http://www.novell.com/documentation/ 
storagemanager3/): 


+ Novell Storage Manager 3.0.1 for eDirectory Installation Guide 
+ Novell Storage Manager 3.0.1 for eDirectory Administration Guide 
Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
in a cross-reference path. 
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When a single pathname can be written with a backslash for some platforms or a forward slash for 
other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as Linux*, should use forward slashes as required by your software. 


When a startup switch can be written with a forward slash for some platforms or a double hyphen for 
other platforms, the startup switch is presented with a forward slash. Users of platforms that require 
a double hyphen, such as Linux, should use double hyphens as required by your software. 
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Overview 


Novell Storage Manager 3.0.1 for eDirectory includes new Action Objects to enable the automation 
of very distinct storage actions outside of what is practical with Novell Storage Manager policies. 


¢ Section 1.1, “What Are Action Objects?,” on page 9 


¢ Section 1.2, “How do Action Objects work?,” on page 9 


1.1 What Are Action Objects? 


Action Objects provide a type of application programming interface (API) for use with Novell 
Storage Manager. Instead of writing custom code with vendor-supplied software libraries, the 
Action Object construct uses eDirectory objects and attributes as the communication method 
through which the API calls are made. 


An Action Object is an object in eDirectory that represents a single file system event, such as 
creating a directory, or setting directory quota on a specified target path. 


1.2 How do Action Objects work? 


Action Objects are processed by the NSM Engine, and they provide many of the same benefits of 
policy-based actions in Novell Storage Manager, such as the state-machine architecture provided by 
Novell Storage Manager for action processing. 


Overview 


9 


OLOZ Auenuep / (ua) xooprou 


Figure 1-1 How Action Objects Work. 
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Management 


1. Action Objects can be created and managed by any application or process that can modify 
objects in eDirectory, such as ConsoleOne, iManager, Novell Identity Manager, and even 
LDAP / LDIF. 


2. After the objects have been created and the trigger attribute has been set, the Event Monitor 
sees the trigger event and notifies the NSM Engine, placing an entry in the Engine's process 
queue. 


3. The Engine processes the Action Object according to the rules written in the object's attributes. 
Depending on the action and rules, the Engine might set trustee rights on a folder, change the 
directory quota for a folder, or even create new folders and copy data. See Chapter 6, “Actions 
Reference,” on page 35. 
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Setting Up 


Prior to creating Action Objects, a container must be created for hosting the Action Objects and then 
Novell Storage Manager must be enabled to process the Action Objects. 


¢ Section 2.1, “Creating an Action Object Container,” on page 11 


¢ Section 2.2, “Enabling Action Object Processing,” on page 11 


2.1 Creating an Action Object Container 


A single eDirectory container must be designated as the parent container in which Action Objects 
can be created. By applying appropriate access controls, an administrator can control who is allowed 
to create Action Objects in the specified container. The NSM Engine only processes Action Objects 
that reside in the designated container or any of its subcontainers. 


A local replica of the partition containing the Action Object container is recommended for the server 
hosting the NSM Engine if large quantities of Action Objects will be created and processed. 


2.2 Enabling Action Object Processing 


To enable processing of Action Objects by Novell Storage Manager, log in to NSMAdmin, then 
perform the following steps: 
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Figure 2-1 Enabling Action Object Processing Through NSMAdmin. 


Novell Storage Manager Admin 


Engine Event Agent 
Config Servers Servers 


component Config 
a Engine Config 
Executive Dashboard 


Enable Policy Statistics Storage Statistics © Supervisor rights to server NW657-1 
Report Disk Usage Event Statistics O Security Equivalent to the following object 


Security Principal 


Log Management 


Audit Log Purge 


Proxy Home Path |VNSMENGJENG:FACTORYIPROXYHOM L sss ) (97) 


Daily Detail Report Purge 


Action Objects Use Exact Case 
Enable Exact Case 
Container (ao.services,org 


Client Timeout 


O Enable 


Maximum inactive session time 30 Z: minutes 


1 Click the Configure tab. 

2 Click the Engine Config button in the toolbar. 

3 Click the Action Objects tab. 

4 Select the Enable check box. 

5 Click Browse and select the Action Objects container. 


6 Click Apply to save the changes. 


NOTE: The only Action Objects eligible for processing are those located in the specified container 
or any of its subcontainers. 
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Using Action Objects 


¢ Section 3.1, “General Guidelines,” on page 13 

¢ Section 3.2, “Creating Action Objects,” on page 13 

¢ Section 3.3, “Scheduling Action Objects,” on page 14 

¢ Section 3.4, “Linking Action Objects,” on page 14 

¢ Section 3.5, “Reusing Action Objects,” on page 14 

+ Section 3.6, “Cleaning Up Action Objects,” on page 14 

¢ Section 3.7, “Action Object Security,” on page 14 

+ Section 3.8, “Managing Action Object Events,” on page 15 


3.1 General Guidelines 


Action Objects can be created by any process, application, or API that can manage extended object 
classes and attributes in eDirectory. Examples of such applications include iManager, ConsoleOne, 
and Novell Identity Manager. 


Follow these guidelines when creating Action Objects: 


+ Create Action Objects in the specified Action Object Container or one of its subcontainers. 
(See Section 2.1, “Creating an Action Object Container,” on page 11.) 


¢ Set the trigger attribute last. For example, with a SetQuota Action Object, be sure to assign 
values to the cccFSFactoryActionPath1, cccFSFactoryActionOption, and 
cccF SFactoryActionOperation attributes before setting the cccFSFactoryActionTrigger 
attribute. 


¢ Itis acceptable to create the Action Object with all values at one time as an atomic operation. 
This is typically the case when using LDAP with a single LDIF import file. However, if timing 
or replication issues produce unreliable results, create the Action Object with all necessary 
attributes first, then add the cccFSFactoryTrigger attribute last in a separate modify action. 


3.2 Creating Action Objects 


1 Create the Action Object itself in the designated Action Object Container. 
2 Add the appropriate attributes needed for the operation. 


At a minimum, you need to specify the cccFSFactoryActionOperation attribute, which 
determines the type of Action Object. In most cases, you also need to specify the 
cecFSFactoryActionPathl attribute. For details on the attributes and values needed for each 
action type, see Chapter 6, “Actions Reference,” on page 35. 


3 Add any additional attributes needed for Action Object linking, scheduled execution time, or 
system cleanup. 


4 Add the cccFSFactoryActionTrigger attribute with a value of Ready to notify the Novell 
Storage Manager Event Monitors and Engine that the Action Object is ready for processing. 


Using Action Objects 


13 


OLOZ Auenuer / (ua) x90pnou 


For examples of how to create an Action Object using iManager, LDAP, and Novell Identity 
Manager, see Chapter 5, “Usage Examples,” on page 21. 


3.3 Scheduling Action Objects 


Action Objects can be configured for processing at a specific date and time. To schedule a specific 
Action Object, simply fill in the appropriate value for the Action Object's 
cccFSFactoryActionExecuteTime attribute prior to setting the trigger. 


See Section 6.3.1, “Execute Time,” on page 53 for details on how to do this. 


3.4 Linking Action Objects 


Action Objects can be linked in series to allow dependent actions to occur first. When linking 
Action Objects, either the NSM Engine or an external process can be specified for triggering the 
subsequent action. 


For details on how to perform linking, see Section 6.3.2, “Link Next,” on page 53. 


3.5 Reusing Action Objects 
An Action Object can be reused as needed. 


1 Verify that the Action Object to be reused is not currently processing. Verify this by examining 
the cccFSFactoryActionResult attribute for a Success or error message, or by examining the 
cccFSFactoryActionStatus attribute. 


2 Ifthe cccFSFactoryActionTrigger attribute has a value, clear or delete the 
cccF SFactoryActionTrigger attribute. 


If you are using iManager or ConsoleOne, be sure to apply the delete or modification of the 
attribute before continuing. Failure to do so prevents the event trigger from occurring. 


You might also want to clear other values such as the cccFSFactoryActionResult and the 
cccFSFactoryActionStatus. 


3 Set the cccFSFactoryActionTrigger attribute to the value Ready to reissue the Action Object. 


3.6 Cleaning Up Action Objects 


After the Engine has completed processing an Action Object, that object can be cleaned up (deleted 
from Directory Services) or left behind for processing by an external application. 


For details on how to set the cleanup attribute, see Section 6.3.3, “Cleanup,” on page 55. 


3.7 Action Object Security 


The NSM Engine processes the directives in Action Objects by using the Novell Storage Manager 
proxy account that performs file system and directory service operations for Novell Storage 
Manager. The account was created during installation and configuration of Novell Storage Manager 
3.0.1 for eDirectory. 
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In order to restrict who can create valid Action Objects, Novell Storage Manager 3.0.1 for 
eDirectory requires that a container in eDirectory be specified for Action Object processing. The 
designated Action Object container and its subcontainers are the only containers in eDirectory from 
which the NSM Engine processes Action Objects. The Action Object Container can be secured by 
using regular access controls for eDirectory, limiting who is allowed to create and modify Action 
Objects. 


3.8 Managing Action Object Events 


Once the NSM Engine starts processing an Action Object, the events generated by the Action Object 
can be viewed and managed in the NSMAdmin Pending Events panel. 


3.8.1 Viewing Action Object Event Details 


1 In NSMAdmin, click the Main tab. 
2 From the toolbar, click Pending Events. 


Novell Storage Manager Admin - Expires in 358 days. 


Configure 


> E € ja O & 2o 


Start Engine | Storage Policy Pending Management | Path Object Storage GSR Scheduled 
Page Status Management Management Events Actions Analysis Properties Resource List Collector Tasks 


m Pending Events Engine: 10.77.40.12 
O Make Eligible o Defer E Configure Bypass G. Redrive (x) Abort (5) Refresh © Accepting © Processing 
Eligible (1) 1-1 MPEGS 


ID Target Event Time Next Process Time Action Action State Try Count 
(A 17 geatedir.AO.org 2011-02-07 11:53... 2011-02-10 1:04PM Process Action Obj... Reading Action Object data 66 


Total Events: 1 


3 Double-click the event corresponding to the Action Object. 
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© Refresh 


Name Value 


Can Bypass False 

Can Redrive Yes 

Event Source NSM25 

Active False 

Deferred True 

Last Error 14: An input parameter value is invalid. 
CT" (O 

Object FDN CNzcreatedir.OU-AO.O org 

Object ID = 

Object GUID {2D33CF80-EC3B-11DF-83D3-000C296B0A 2B} 

Object Created - 

Object Deleted - 
CAT 

Effective Policy ID - 

Effective Policy - 
| Delegation afomatice ZZ [OO 

Delegated No 

Delegation Agent - 
ETA [O 

Operation Create Directory 

Target Path \\SERVER 1\HOME \path 1\* 


Source Path 
Option Data 
Target Object 
Initial Execute Time 
Next Action 
Cleanup Option 
Operation Details 


Details that are Action Object-specific are shown under the Event Specific Data header. 


General information, such as the Last Error and Can Redrive are available under the General 
header. 


3.8.2 Aborting an Action Object Event 


1 In NSMAdmin, click the Main tab. 
2 From the toolbar, click Pending Events. 
3 Select the event to abort. 
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4 Click the Abort button. 


5 Click Yes in the confirmation dialog box to abort the event. 
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Processing States 


As an Action Object is processed by the Novell Storage Manager Engine, it might be in one of 
several states. As an object transitions to each state, its cccFSFactoryActionStatus attribute is 
updated with the corresponding state label. 


+ Section 4.1, “State Order,” on page 19 


¢ Section 4.2, “State Descriptions,” on page 19 


4.1 State Order 


The states are processed in the following order: 


. Start 

. Wait for Directory Synchronization 
. Verify Trigger 

. Read Data 

. Wait on Ready 

. Process 

. In Progress 

. Set Result 

Link 


o AN DYN FW bb — 


> 


Cleanup 


— 
— 


. Complete Pending 
12. Complete 


4.2 State Descriptions 


The various states for Action Object processing are described as follows: 


+ START: This is the initial state before any processing takes place. 


+ WAIT FOR DIRECTORY SYNCHRONIZATION: In this state, the Engine is waiting to 
see the Action Object itself in eDirectory. Because an Action Object node is placed in the 
process queue only after that object’s trigger has been set and an Event Monitor has reported it, 
an assumption is made that the Action Object persists in eDirectory until the Engine can see it. 
Ifan Action Object is deleted from eDirectory after the event notification and subseguent 
addition to the process gueue, but before processing this state, the action remains in a pending 
state indefinitely. 


+ VERIFY TRIGGER: In this state, the Engine verifies that the trigger attribute has the proper 
value of Ready. If the attribute is not yet available, the Engine re-reads the Action Object 
periodically to see if the attribute is available. Once the attribute is available, 1f it does not 
contain the proper trigger value, the event is placed in the COMPLETE state. Otherwise, 
processing continues to the READ DATA state. 
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READ_DATA: In this state, the Engine reads in the values of all the Action Object attributes 
that apply for the specific operation. Basic validation is performed on attribute values, and any 
error conditions in this level cause the event to be redrivable. 


WAIT_ON_READY: This state is a placeholder for Action Object events that have an Execute 
Time set that defers initial processing of the event. 


PROCESS: In this state, the Action Object itself is processed by calling the appropriate action 
function as determined by the Operation set in the Action Object. 


IN_PROGRESS: Depending on the operation, some Action Objects might run asynchronous 
processes, such as a delegated operation like CopyDir. In these cases, the Engine must check 
the state of the delegated operation for this action on each process queue iteration until the 
operation is complete. 


For all other operations that were synchronously called during the PROCESS state, processing 
simply continues on to the next state. 


SET RESULT; In this state, the Engine sets the cecFSFactoryA ctionResult attribute of the 
Action Object in eDirectory. Because later states require the presence of this attribute, and 
because external systems such as Novell Identity Manager might also be interacting with the 
Action Object, processing does not continue past this state until the attribute can be set. 


LINK: In this state, the Engine attempts to process the cccFSFactoryActionLinkNext attribute 
of the Action Object in eDirectory. If an action has completed successfully, and the LinkNext 
attribute was set, the Engine sets the trigger for the specified action to the value “ready”. 


If the cccFSFactoryLinkNext attribute is not set, or if the action itself did not complete 
successfully, processing continues with the next state. 


CLEANUP: In this state, the Engine processes that value read from the 
eccFSFactoryActionCleanup attribute of the Action Object to determine whether it should 
remove the Action Object from eDirectory at the end of processing. If the cleanup attribute is 
present and set to the value System, or if it is set to the value OnSuccess and the operation is 
successful, it attempts to delete the associated Action Object from eDirectory. In all cases of 
failure, processing simply continues to the next state. 


COMPLETE_PENDING: In this state, the Action Object trigger is cleared for Action 
Objects that have not been cleaned up. 


COMPLETE: After this state is reached, the Action Object is eligible for removal from the 
process queue. 
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Usage Examples 


+ Section 5.1, “iManager,” on page 21 
+ Section 5.2, “LDAP,” on page 25 
+ Section 5.3, “Novell Identity Manager,” on page 26 


5.1 ¡Manager 


The following example illustrates how to create a CreateDir Action Object by using iManager. 


1 Start iManager and select the View Object button in the menu at the top. 


2 Browse to and select the configured Action Object container in the tree view on the left. 


-CCTEC-TREE. p org p services p ao 


Edit | Delete | Actions v 
New [x] 
services (135) Create Group 


eee i 
SLPDEFAULT (1) eb jec 


Tomcat-Roles (2) Create User 
ADMIN NW657-1 

ADMIN NW657-2 

ADMIN. nwcluster 

inx-node1 SYS 

Inx-node2_SYS 

Inx-node3_SYS 

NW657-1_SYS 

NW657-1_VOL1 

NW657-2_DATA 

NW657-2_SYS 

nwcluster_ENG 

oes2-1 SYS 

Q nac).) CVS = 
http://localhost:48080/nps/servlet/webacc ?NP Service-fw. LaunchServiceNPAction=Del: | 


pr 
> 
= 
= 
E 
s 
= 
E 
= 
= 
= 
= 
= 
5 
F 
= 
= 
E 
= 
= 


mg 


3 Select New > Create Object. 
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Y Create Object 


Select the object class to create. 


Available object classes: 


bhPortalGroup 
bhTheme 
bootableDevice 
builtinDomain 
cccFSFactoryAction 
cccFSFactoryPolicy 


Z Show all object classes 
Note: This option is only available to authorized users. 


— OK | Cancel | 


4 Select Show all object classes, browse for and select cecFSFactoryAction, then click OK. 
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€2 Create cccFSFactoryAction 


Specify the object name to be created. 


cecFSFactoryAction name: 
[createdir-1 
Context:" 


fao.services.org [a] fal 


— Ok | Cancel | 


5 Specify a name for the new Action Object, then click OK. 


Add Attribute 


cecFSFactoryActionPath1: 
Volume: NW657-2 DATA.services.org 


Path: (Folder23 


6 For a CreateDir operation, provide values for the following attributes: 
e cccFSFactoryActionOperation 
+ cccFSFactoryActionOption 
+ cccFSFactoryActionPathl 


Usage Examples 


23 


OLOZ Menuer ; (ua) x90pnou 


Edit Attribute 


cccFSFactoryActionTrigger: 
ready 


— Ok | Cancel | 


7 After all of the appropriate values for the action have been filled in, add the 
cecFSFactoryActionTrigger attribute, set it to a value of Ready, then click OK. 


Modify Object: gpseatedir-1.a0.services.org 


CRA Identity Manager \ 


Valued Attributes Unvalued Attributes 

icccFSFactoryActionOperation E ACL 

cccFSFactoryActionOption adminDescription 

cccFSFactoryActionPath1 adminDisplayName 

cccFSFactoryActionTrigger allowedAttributes 

CN allowedAttributesEffective 

creatorsName allowedChildClasses 

GUID allowedChildClassesEffective 

modifiersName Audit:File Link 

Object Class bridgeheadServerListBL 

Revision canonicalName 
cccFSFactoryActionAssociation 
cecFSFactoryActionCleanup 
cecFSFactoryActionControl 
cccFSFactoryActionExecuteOption 
cccFSFactoryActionExecuteTime 
cecFSFactoryActionLinkNext 
cecFSFactoryActionLinkStart 
cccFSFactoryActionPath2 
cecFSFactoryActionResult 


-l norESEartnni ArtinnStatiie 


OK | Cancel | Apply | Refresh | 


8 The object should now be complete. Watch the appropriate Event Monitor and Engine console 
sereens for indication that the Action Object has been processed. 
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Modify Object: @pcreatedir-1.a0.services.org 


COLA Identity Manager \ 


Valued Attributes Unvalued Attributes 


cccFSFactoryActionOperation ACL 

cecFSFactoryActionOption adminDescription 

cccFSFactoryActionPath1 adminDisplayName 

cccFSFactoryActionResult allowedAttributes 

cecFSFactoryActionStatus allowedAttributesEffective 

cecFSFactoryActionTrigger allowedChildClasses 

CN allowedChildClassesEffective 

creatorsName Audit:File Link 

GUID bridgeheadServerListBL 

modifiersName canonicalName 

Object Class cccFSFactoryActionAssociation 

Revision cccFSFactoryActionCleanup 
cecFSFactoryActionControl 
cccFSFactoryActionExecuteOption 
cccFSFactoryActionExecuteTime 
cccFSFactoryActionLinkNext 
cecFSFactoryActionLinkStart 
cccFSFactoryActionPath2 
cecFSFactoryActionTarget 
Certificate Validity Interval 


9 After the Action Object has been processed, the cecFSFactoryA ctionResult and 
cccFSFactoryActionStatus attributes are filled in with values indicating success or failure for 
the processed operation. 


5.2 LDAP 


This example shows how to create a SetQuota Action Object using LDAP commands with an LDIF 
(LDAP Directory Interchange Format) input file. When it is processed, the Novell Storage Manager 
Engine sets a 7 MB quota on the target path SERVER-A\DATA:users\bsmith. 
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Example: Setting the Quota 


#Examplel LDIF for SetQuota Action Object 

version: 1 

dn: cn=action-1,ou=actionObjects,o=org 

changetype: add 

objectClass: cccFSFactoryAction 
cccFSFactoryActionPathl: cn=SERVERA DATA, ou=resources, 
o=org#0#\users\bsmith 

cccFSFactoryActionOption: <Option><SubCmd>1</SubCmd> 
<Quantity>7<Quantity></Option> 

cccFSFactoryActionOperation: SetQuota 

cccFSFactoryActionTrigger: Ready 


Example: Adding 2 MB to the Existing Quota 


#Example2 LDIF for SetQuota Action Object 

version: 1 

dn: cn=action-2,ou=actionObjects,o=org 

changetype: add 

objectClass: cccFSFactoryAction 
cccFSFactoryActionPathl: cn=SERVERA DATA, ou=resources, 
o=org#0#\users\bsmith 

cccFSFactoryActionOption: <Option><SubCmd>2</SubCmd><Quanti 
ty>2</Quantity></Option> 

cccFSFactoryActionOperation: SetQuota 

cccFSFactoryActionTrigger: Ready 


5.3 Novell Identity Manager 


The following example illustrates how to use Novell Identity Manager to create a SetQuota Action 
Object when a user's title is changed to some value containing the text “Admin” or “admin.” In 
addition, it shows how to clean up Action Objects that have processed successfully. 

¢ Section 5.3.1, “Driver Overview,” on page 26 

¢ Section 5.3.2, “Driver Filter,’ on page 27 

+ Section 5.3.3, “Event Policy Set,” on page 28 

¢ Section 5.3.4, “Policy Scripts,” on page 31 


5.3.1 Driver Overview 


The example driver uses the Generic Null driver from Novell Identity Manager 3.6. 
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Figure 5-1 Driver Overview 


Action Object 


Publisher 


Notify 


CCTEC-TREE 
Because you are using the Null driver, only the Filter and Event Policy Sets are used. 


5.3.2 Driver Filter 


For the Filter in this example, you need the following: 
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Figure 5-2 Driver Filter. 


Class/Attribute | Comments Class: cccFSFactoryAction = 


v (IA user Attribute: cccFSFactoryActionStatus 
T Title Comments 
v UA cccFSFactory Action 


Y » cccFSFactoryActionStatus 


Publish Subscribe 

Y O Synchronize @ || ga O Synchronize 

© © Ignore Ó O Ignore 

% O Notify % © Notify 

iy O Reset ¿Y O Reset 
Merge Authority 


(9 Default (A 
O Identity Vault 

O Application 

O None 


Optimize modifications to the Identity Vault Ñ 


CE R | A H 


The User class and its associated Title attribute are needed to notify the driver of the user's change in 
title. 


The cccFSFactoryAction class and its associated cccF SFactoryActionStatus attribute are used when 
determining whether to clean up (delete) the Action Object after processing is complete. 


5.3.3 Event Policy Set 


The following Event Transformations are set up: 


Figure 5-3 Event Transform Policy Set. 


E Pr $" Da (Po X či Pr = lim 


Generic Null Driver Policy Sets 
A| X -| 2 $ 
78 DropEvents 
E Cleanup Action Objects 
JE] Title-based Quota 
Œ Drop Processed Events 
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The policies shown perform the following actions: 
The DropEvents policy simply limits the scope of the driver to Modify events. 


The Cleanup Action Objects policy is used to delete Action Objects that have successfully 
completed their assigned actions. 


The Title-based Quota policy creates SetQuota Action Objects for users whose Title attribute is 
changing to include “Admin” or "admin" as part of the title. 


The Drop Processed Events policy simply drops the current operation, because no other processing 
is needed in the driver. 


Title-based Quota Policy 


The primary policy is the Title-based Quota policy. This policy has the following conditions and 
actions: 


Figure 5-4 Set Admin Quota Rule. 


E Y 7 SetAdminQuota_500MB 
Set the home directory quota for any users with *admin* in their title attribute to 500MB using an NSM Action Object. 


Conditions 


Y 7 ifclass name equal "User" 
And | v. @ if operation attribute 'Title' changing to ".*[Aa]dmin.*" 
And|  @ if attribute 'Home Directory’ available 


set local variable("ao_name", scope="policy", "adminQuota-"+Source Name()+"_" 
—+Time(format="yyyyMMddHHmmss", lang="en-US", tz="UTC")) 


set local variable("ao_fdn", scope="policy", "org\services\ao\"+Local Variable("ao name")) 
set local variable("home_dir", scope="policy", nodeset(Attribute("H ome Directory") 
add source object(class name="cccFSFactoryAction", dn(Local Variable("ao_fdn"))) 


add source attribute value("cccFSFactoryActionOperation", class name=" 
—cccFSFactoryAction", dn(Local Variable("ao_fdn")), "SetQuota") 


add source attribute value("cccFSFactoryActionOption", class name="cccFSFactoryAction", dn(Local Variable("ao_fdn")), 
—'<Option>< SubCmd> 1</SubCmd><Quantity>500</Quantity></Option>") 

add source attribute value("cccFSFactoryActionPath1", class name="cccFSFactoryAction", dn(Local Variable("ao fdn")), (nameSpace 
—("$home_dir/component[@name='nameSpace'J/text()"), volume-XPath("$home diricomponent[Pname-'volume'/'texti)"), path=XPat 
—("$home_dir/component[@name='path']/text()")}) 


add source attribute value("cecFSFactoryActionTrigger", class name="cccFSFactoryAction", dn(Local Variable("ao_fdn")), "Ready") 


trace message(color="brpurple", "Created Action Object '"+Local Variable("ao_name")+"' to set home directory quota to 500MB for user 
—+") 


The policy performs the following actions: 
1. Limits the scope of the processing to user objects whose title is changing to a value that 
includes “Admin” or “admin” as part of the string. 
Only processes user objects that have a current Home Directory attribute set. 
Sets up local variables to hold the new Action Object name and FDN. 


Creates a new Action Object based on the FDN specified in the local variables. 


E o 


Sets the attributes of the new Action Object based on what is required for a SetQuota action: 


a. Sets cccFSFactoryActionOperation to the value SetQuota. 
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b. Sets cccFSFactoryActionOption to the XML string:<Opt ion><SubCmd>1</ 
SubCmd><Quantit y>500</Quantity></Option> 


NOTE: The value of 1 for <SubCmd> is used to set the quota to the value specified by 
<Quantity>. 


c. Sets cccFSFactoryActionPath1 to the Home Directory attribute of the current user in the 
operation. This requires manipulation of a structured value as opposed to a simple string. 


d. Sets cccFSFactoryActionTrigger to the value Ready so that the Action Object can be 
processed immediately. 


6. Because the creation of the Action Object is a direct write back to eDirectory, a trace message 
indicating the creation of the Action Object was added for clarity in driver traces. 


Cleanup Action Objects Policy 


The Cleanup Action Objects policy is a helper policy that allows Novell Identity Manager to delete 
any Action Objects that have successfully completed. In addition, it adds trace messages to indicate 
success of the Action Object cleanup, or displays the error message from the Action Object’s 
operation if the Set Quota operation failed. 


Figure 5-5 Cleanup Action Objects Rule. 


=| Y 77 Cleanup Successful Actions 


The driver will be responsible for cleaning up all Action Objects that have completed with a Result of "Success" 


Conditions 


v. @ ifclass name equal "cccFSFactoryAction" 


And v. @ if operation attribute 'cccFSFactoryActionStatus' equal "Complete" 


if attribute 'cccFSFactoryActionResult' equal "Success" 


delete source object() 
trace message("Deleting Action Object '"+Source Name()+" with successful completion.") 
else 
trace message(color="brred", "Action Object '"+Source Name()+" failed to complete successfully: ""+Attribute 
—("cccFSFactoryActionA esult")+""") 


strip XPath expression("$current-op") 


NOTE: The Action Object should be evaluated for deletion only after a status of Complete has been 
posted to the Action Object. Deleting the Action Object prior to this might cause the associated 
pending event in the Novell Storage Manager Engine event queue to stay pending. 
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5.3.4 Policy Scripts 


Title-based Quota Policy Script 


<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE policy PUBLIC "policy-builder-dtd"> 
<policy> 
<rule> 
<description>SetAdminQuota_500MB</description> 
<comment xml:space="preserve">Set the home directory quota for any users 
with *admin* in their title attribute to 500MB using an NSM Action Object.</ 
comment> 
<conditions> 
<and> 
<if-class-name mode="nocase" op="equal">User</if-class-name> 
<if-op-attr mode="regex" name="Title" op="changing-to">.*[Aa]dmin.*</ 
if-op-attr> 
<if-attr name="Home Directory" op="available"/> 
</and> 
</conditions> 
<actions> 
<do-set-local-variable name="ao_name" scope="policy"> 
<arg-string> 
<token-text xml: space="preserve">adminQuota-</token-text> 
<token-src-name/> 
<token-text xml:space-"preserve"> </token-text> 
<token-time format="yyyyMMddHHmmss" lang="en-US" tz="UTC"/> 
</arg-string> 
</do-set-local-variable> 
<do-set-local-variable name-"ao fdn" scope-"policy"> 
<arg-string> 
<token-text xml:space="preserve">org\services\ao\</token-text> 
<token-local-variable name="ao_name"/> 
</arg-string> 
</do-set-local-variable> 
<do-set-local-variable name="home dir" scope="policy"> 
<arg-node-set> 
<token-attr name-"Home Directory"/> 
</arg-node-set> 
</do-set-local-variable> 
<do-add-src-object class-name="cccFSFactoryAction"> 
<arg-dn> 
<token-local-variable name-"ao fdn"/> 
</arg-dn> 
</do-add-src-object> 
<do-add-src-attr-value class-name="cccFSFactoryAction" 
name="cccFSFactoryActionOperation"> 
<arg-dn> 
<token-local-variable name="ao_fdn"/> 
</arg-dn> 
<arg-value> 
<token-text xml:space="preserve">SetQuota</token-text> 
</arg-value> 
</do-add-src-attr-value> 
<do-add-src-attr-value class-name="cccFSFactoryAction" 
name="cccFSFactoryActionOption"> 


Usage Examples 


31 


OLOg fuenuer ; (us) xooprou 


32 


<arg-dn> 
<token-local-variable name-"ao fdn"/> 
</arg-dn> 
<arg-value> 
<token-text xml:space-"preserve">slt;Option>slt; SubCmd>1&1t; / 
SubCmd>&1t;Quantity>500&1t;/Quantity>&lt; /Option></token-text> 
</arg-value> 
</do-add-src-attr-value> 
<do-add-src-attr-value class-name="cccFSFactoryAction" 
name="cccFSFactoryActionPathl"> 
<arg-dn> 
<token-local-variable name="ao_fdn"/> 
</arg-dn> 
<arg-value type="structured"> 
<arg-component name="nameSpace"> 
<token-xpath expression="Shome dir/component [@name='nameSpace' ] / 


text ()"/> 

</arg-component> 

<arg-component name="volume"> 

<token-xpath expression="Shome dir/component [@name='volume'] / 

text ()"/> 

</arg-component> 

<arg-component name="path"> 

<token-xpath expression="Shome_dir/component [@name='path'] /text()"/ 
> 


</arg-component> 
</arg-value> 
</do-add-src-attr-value> 
<do-add-src-attr-value class-name="cccFSFactoryAction" 
name="cccFSFactoryActionTrigger"> 
<arg-dn> 
<token-local-variable name-"ao fdn"/> 
</arg-dn> 
<arg-value> 
<token-text xml:space="preserve">Ready</token-text> 
</arg-value> 
</do-add-src-attr-value> 
<do-trace-message color<"brpurple"> 
<arg-string> 
<token-text xml:space="preserve">Created Action Object '</token-text> 
<token-local-variable name="ao_name"/> 
<token-text xml:space="preserve">' to set home directory quota to 
500MB for user '</token-text> 
<token-src-name/> 
<token-text xml:space="preserve">'</token-text> 
</arg-string> 
</do-trace-message> 
</actions> 
</rule> 
</policy> 
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Cleanup Action Objects Policy Script 


<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE policy PUBLIC "policy-builder-dtd"> 
<policy> 
<rule> 
<description>Cleanup Successful Actions</description> 
<comment xml:space="preserve">The driver will be responsible for cleaning 
up all Action Objects that have completed with a Result of "Success"</comment> 
<conditions> 
<and> 
<if-class-name mode="nocase" op="equal">cccFSFactoryAction</if-class- 


name> 
<if-op-attr mode="nocase" name="cccFSFactoryActionStatus" 
op="equal">Complete</if-op-attr> 
</and> 
</conditions> 
<actions> 
<do-if> 
<arg-conditions> 
<and> 
<if-attr mode="nocase" name="cccFSFactoryActionResult" 
op="equal">Success</if-attr> 
</and> 
</arg-conditions> 
<arg-actions> 
<do-delete-src-object/> 
<do-trace-message> 
<arg-string> 
<token-text xml:space="preserve">Deleting Action Object '</token- 


text> 
<token-src-name/> 
<token-text xml:space="preserve">' with successful completion.</ 
token-text> 
</arg-string> 
</do-trace-message> 
</arg-actions> 
<arg-actions> 
<do-trace-message color="brred"> 
<arg-string> 
<token-text xml:space="preserve">Action Object '</token-text> 
<token-src-name/> 
<token-text xml:space="preserve">' failed to complete 
successfully: "</token-text> 
<token-attr name="cccFSFactoryActionResult"/> 
<token-text xml:space="preserve">"</token-text> 
</arg-string> 
</do-trace-message> 
</arg-actions> 
</do-if> 
<do-strip-xpath expression="Scurrent-op"/> 
</actions> 
</rule> 
</policy> 
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Actions Reference 


+ Section 6.1, “Actions,” on page 35 
¢ Section 6.2, “Required Attributes,” on page 50 
¢ Section 6.3, “Optional Attributes,” on page 52 


6.1 Actions 


Individual actions are detailed below. 


6.1.1 AssignPolicy 


Description 


The AssignPolicy operation assigns a named policy to a given object in eDirectory. 


Parameters 


Attribute Value 


cccFSFactoryActionOperation AssignPolicy 
(IN) 


cccFSFactoryActionOption (IN) Policy Name 


cccFSFactoryActionTarget (IN) FDN of policy assignment 


cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


Details 


Specifies unique policy name. 


This object will be added to the 
list of associations for the named 
policy. 


The cccFSFactoryActionResult attribute is set to Success if successful or an error message 


otherwise. 


Notes 


¢ The trustee FDN specified for the cccFSFactoryActionTarget attribute may be entered in either 
typeful or typeless FDN format such as bob.hq. org or CN=bob.0U=hq.0=org, or in LDAP 


format such as cn=bob, ou=hq, o=org. 


+ The policy name must match an existing policy in the configured system, however the policy 


name does not need to be a case exact match. 


¢ Policies will only be successfully assigned if the policy type is allowed to be assigned to the 
specified object type. Allowed assignment types are as follows: 
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Policy Type Object Type (Class) Notes 


User Policy + Container: Organization, 
Organizational Unit, 
Domain, Locality 


+ Group 


» User 


Collaborative Group Policy + Container: Organization, Not valid for user objects 
Organizational Unit, 
Domain, Locality 


+ Group 


Collaborative Container Policy + Container: Organization, Not valid for user or group objects 
Organizational Unit, 
Domain, Locality 


User Auxiliary Policy Not valid Currently, auxiliary policies may 
only be assigned to primary 
policies, not to objects in the 
directory service. 


Example 


The following LDIF file shows how to assign policy UserPolicyl to the container hg.org. 


#Example LDIF for AssignPolicy Action Object 
version: 1 

dn: cn=assignpolicy, ou=actionObjects,o=org 
changetype: add 

objectClass: cccFSFactoryAction 
cccFSFactoryActionOperation: AssignPolicy 
cccFSFactoryActionOption: UserPolicyl 
cocFSFactoryActionTarget: hg.org 
cocFSFactoryActionTrigger: Ready 


6.1.2 ClearTrustee 


Description 


The ClearTrustee operation removes the specified trustee from the designated path. 


Parameters 

Attribute Value Details 

cccFSFactoryActionOperation ClearTrustee 

(IN) 

cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of the directory in 
SYN_PATH format. 

cccFSFactoryActionTarget (IN) FDN of the trustee to remove This user is removed as a trustee 


of Path1. 
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Attribute Value Details 
cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


The cccFSFactoryActionResult attribute is set to Success if it is successful; otherwise, an error 
message displays. 


NOTE: The trustee FDN specified for the cccFSFactoryActionTarget attribute should be entered as 
a typeless, dotted, fully distinguished name such as bob.hq.org. 


Example 


The following LDIF file shows how to remove userl.hq.org as a trustee of Server1/Voll :path1/ 
subpathl. 


#Example LDIF for ClearTrustee Action Object 

version: 1 

dn: cn=cleartrusteetest, ou=actionObjects,o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cocFSFactoryActionPathl: cn=SERVER1 VOL1,ou<resources, o=org# 
0#/pathl/subpathl 

cccFSFactoryActionOperation: ClearTrustee 

cccFSFactoryActionTarget: userl.hq.org 

cocFSFactoryActionTrigger: Ready 


6.1.3 CopyDir 


Description 


The CopyDir operation recursively copies the contents from Path! to Path2. 


Parameters 


Attribute Value Details 


cccFSFactoryActionOperation CopyDir 
(IN) 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of the directory in 
SYN_PATH format. 

cccF SFactoryAction Target (IN) VolumeDN#0#/subpath This user is removed as a trustee 
of Path’. 
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Attribute Value Details 
cccFSFactoryAction Option <Option> ParentPaths : 


<ParentPaths>1</ParentPaths> 0 — (or missing tag) Do not create 
the target path if any parent paths 


</Option> are missing. 


1 — Create any missing parent 
paths as well as the target path 


cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


eccFSFactoryActionResult is set to Success if it is successful; otherwise, an error message displays. 


Notes 


¢ This action generates a Generic Copy Data event which is eligible for Agent delegation. 


+ CopyDir only works with contents under a specified directory, and not with single files. Use the 
CopyFile action to handle an individual file. 


Example 


The following LDIF shows how to perform a copy of the entire contents of Serverl/Voll :path1/ 
subpathl to Server2/Data:users/bob. 


#Example LDIF for CopyDir Action Object 
version: 1 

dn: cn=copydirtest, ou=actionObjects, o=org 
changetype: add 

objectClass: cccFSFactoryAction 


cccFSFactoryActionPathl: cn=SERVER1 VOL1,ou<resources, o=org# 
0#/pathl/subpathl 

cccFSFactoryActionPath2: cn=SERVER2 DATA, ou=servers, o=org# 
0#/users/bob 

cccFSFactoryActionOption: <Option><ParentPaths>1</Parent 
Paths></Option> 


cccFSFactoryActionOperation: CopyDir 
cccFSFactoryActionTrigger: Ready 


6.1.4 CopyFile 


Description 


The CopyFile operation copies the contents of a single file from Path! to Path2. 
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Parameters 


Attribute 
cccFSFactoryActionOperation 
(IN) 

cccFSFactoryActionPath1 (IN) 


cecF SFactoryActionPath2 (IN) 


cccFSFactoryActionOption 


Value 


CopyFile 


VolumeDN#0#/subpath/file 


VolumeDN#0#/subpath/file 


<Option> 
<SourceObject/> 
<TargetObject/> 

</Option> 


cccFSFactoryActionResult (OUT) <Error Message> 


Return Values 


Success 


Details 


Path of source file in SYN_PATH 
format 


Path of target file in SYN_PATH 
format 


ParentPaths : 


0 — (or missing tag) do not create 
the target file if any parent paths 
are missing 


1 - create any missing parent 
paths 


Overwrite: 
0 — do not overwrite 


1 — (or missing tag) overwrite an 
existing file 


2 — overwrite file only if newer 
3 — overwrite file if different size 


4 — overwrite file if newer and 
different size 


cecFSFactoryA ctionResult is set to Success if successful or an error message otherwise. 


Notes 


¢ This action generates a Generic Copy Data event which is eligible for Agent delegation. 


+ CopyFile requires that the target path include the target file name, not just the target parent 


folder. 


Example 


The following LDIF shows how to perform a copy of the contents of file Server1/Vol1:path1/ 
subpathl/file-a.txt to Server2/Data:users/bob/file-b.txt 
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#Example LDIF for CopyFile Action Object 

version: 1 

dn: cn=copyfiletest, ou=actionObjects,o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cccFSFactoryActionPathl: cn=SERVER1 VOL1, ou=resources, o=org# 
0#/pathl/subpath1/file-a.txt 

cocFSFactoryActionPath2: cn=SERVER2 DATA, ou=servers, o=org# 
Of/users/bob/file-b.txt 

cccFSFactoryActionOption: <Option><ParentPaths>1</Parent 
Paths><Overwrite>1</Overwrite></Option> 

cccFSFactoryActionOperation: CopyFile 

cccFSFactoryActionTrigger: Ready 


6.1.5 CopyTrustee 


Description 

The Copy Trustee operation copies the rights of a specified trustee for Path! to a specified trustee for 
Path2. 

Parameters 

Attribute Value Details 


cccFSFactoryActionOperation CopyTrustee 
(IN) 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of the source entry in 
SYN_PATH format. 
cccFSFactoryActionPath2 (IN) VolumeDN#0#/subpath Path of the target entry in 
SYN_PATH format. 
cccFSFactoryActionOption (IN) <Option> SourceObject: FDN of the 
trustee for path1. 
<SourceObject/> 
TargetObject: FDN of the trustee 
<TargetObject/> for path2. 
</Option> 


cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


The cccFSFactoryActionResult attribute is set to Success if it is successful; otherwise, an error 
message displays. 


NOTE: The FDNs specified for the <SourceObject> and <TargetObject> tags should be entered 
as a typeless, dotted, fully distinguished name such as bob.hq.org. 
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Example 


The following LDIF shows how to perform a copy the trustee assignment of userl on Serverl/ 
Voll :path1/subpathl and assign those same rights to bob on Server2/Data:users/bob. 


#Example LDIF for CopyTrustee Action Object 

version: 1 

dn: cn=copytrustee, ou=ActionObjects, o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cocFSFactoryActionPathl: cn=SERVER1 VOL1,ou<resources, o=org# 
0#/pathl/subpathl 

cccFSFactoryActionPath2: cn=SERVER2 DATA, ou=servers, o=org# 
0#/users/bob 

cccFSFactoryActionOption: <Option><SourceObject>userl.user 
s.org</SourceObject><TargetObject>bob.hq.org</TargetObject 
></Option> 

cocFSFactoryActionTrigger: Ready 


6.1.6 CreateDir 


Description 


The CreateDir operation creates a directory at the specified path. 


Parameters 


Attribute Value Details 
cccFSFactoryActionOperation (IN) CreateDir 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of the source entry in 
SYN_PATH format. 


cccFSFactoryActionOption <Option> ParentPaths: 


<ParentPaths>1</ParentPaths> 0 - (or missing tag) Do not create 
the target path if any parent paths 


</Option> are missing. 


1 - Create any missing parent 


paths as well as the target path. 


cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


cecFSFactoryA ctionResult is set to Success if it is successful; otherwise, an error message displays. 


NOTE: Even though the complete path is specified in cecFSFactoryA ctionPathl, all parent paths of 


the newly specified directory must exist, or the function fails. 
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Example 


The following LDIF example shows how to create subpathl underneath Server1/Vol1:path1. 


#Example LDIF for CreateDir Action Object 

version: 1 

dn: cn=createdirtest, ou=actionObjects, o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cccFSFactoryActionPathl: cn=SERVER1 VOL1,o=org#0#/path1/ 
subpathl 

cccFSFactoryActionOption: <Option><ParentPaths>1</Parent 
Paths></Option> 

cccFSFactoryActionOperation: CreateDir 

cocFSFactoryActionTrigger: Ready 


6.1.7 DeleteDir 


Description 


The DeleteDir operation deletes a directory at the specified path. 
Parameters 
Attribute Value Details 


cccFSFactoryActionOperation (IN) DeleteDir 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of directory in SYN_PATH 
format 
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Attribute Value 
cccFSFactoryActionOption <Option> 
<Level>0</Level> 
<Recursive>0</Recursive> 


</Option> 


cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


cecFSFactoryA ctionResult is set to Success if it is successful; otherwise, an error message displays. 


Notes 


¢ The specified path must point to a directory, not a file. 


Details 
Level: 


0 — safe. No attribute or rights 
overrides are performed. This is 
the default if no Level tag is 
available 


2 — (or tag not available) 
intermediate. Overrides any 
read-only / read-inhibit attributes 


3 — aggressive. Overrides any 
read-only / read-inhibit attributes; 
grants explicit rights, takes 
ownership if needed to override 
rights filters or other inherited 
rights issues 


Recursive: 


0 - Only delete contents of the 
immediate folder 


1 — (or tag not available) Delete 
contents of the immediate folder 
and all subfolders 


+ Lack of an Option tag defaults to recursive mode with intermediate level of aggression for 


delete. 


Example 


The following LDIF example shows how to delete the directory Serverl/Vol1:path1/subpath1. 
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#Example LDIF for DeleteDir Action Object 

version: 1 

dn: cn=deletetest,ou=actionObjects,o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cccFSFactoryActionPathl: cn=SERVER1_VOL1,o0=org#0#/pathl/subpath 
cccFSFactoryActionOperation: DeleteDir 

cccFSFactoryActionOption: <Option><Level>3</Level><Recursive> 
0</Recursive></Option> 

cccFSFactoryActionTrigger: Ready 


6.1.8 DeleteFile 


Description 


The DeleteFile operation deletes a directory at the specified path. 


Parameters 


Attribute Value Details 


cccFSFactoryActionOperation DeleteFile 
(IN) 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath/file Path of file in SYN_PATH format 


cccFSFactoryActionOption <Option> 0-1 safe. No attribute or rights 
overrides are performed. This is 
the default if no Level tag is 
available 


<Level>0</Level> 


</Option> 


2 — (or not tag available) 
intermediate. Overrides any 
read-only / read-inhibit attributes 


3 - aggressive. Overrides any 
read-only / read-inhibit attributes; 
grants explicit rights, takes 
ownership if needed to override 
rights filters or other inherited 
rights issues 


cccFSFactoryActionResult (OUT) <Success> 


<Error Message> 


Return Values 


cecFSFactoryA ctionResult is set to Success if successful or an error message otherwise. 
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NOTE: The specified path must point to a single file. File globbing or wildcards are not currently 
supported at this time. 
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Example 


The following LDIF example shows how to delete the file Server1/Voll :path1/subpath1/file-a.txt 


Example LDIF for DeleteFile Action Object 
ersion: 1 


hangetype: add 
objectClass: cccFSFactoryAction 


# 
v 
dn: cn=deletefiletest,ou=actionObjects,o=org 
e 


cccFSFactoryActionPathl: cn=SERVER1 VOL1,o=org+t0+/pathl/ 


subpathl/file-a.txt 
cccFSFactoryActionOperation: DeleteFile 


cccFSFactoryActionOption: <Option><Level>3</Level></Option> 


cocFSFactoryActionTrigger: Ready 


6.1.9 Rename 


Description 


The Rename operation renames an existing directory entry (file or folder). 


Parameters 


Attribute Value 
cccFSFactoryActionOperation (IN) Rename 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath 


cccFSFactoryActionTarget newpath 
cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


Details 


Path of the directory in 
SYN_PATH format. 


New file or directory name. 


cecFSFactoryA ctionResult is set to Success if it is successful; otherwise, an error message displays. 


WARNING: Currently all Rename actions override (ignore) any Rename Inhibit / Delete Inhibit 


flags that would normally prevent renaming a file or directory. 


Example 


The following LDIF file shows how to rename the file at Server1/Voll :path1/file1 to file2. 
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#Example LDIF for Rename Action Object 
version: 1 

dn: cn=renametest,ou=ActionObjects,o=org 
Cc 

o 

e 


hangetype: add 
bjectClass: cccFSFactoryAction 


Ofpathl/filel 
cccFSFactoryActionTarget: file2 
cccFSFactoryActionOperation: Rename 
cccFSFactoryActionTrigger: Ready 


6.1.10 SetFlags 


Description 


ccFSFactoryActionPathl: cn=SERVER1 VOL1, ou=resources, o=org 


The SetFlags operation sets the file system flags for Pathl to the specified values. 


Parameters 


Attribute Value 


cccFSFactoryActionOperation (IN) SetFlags 
cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath 


cccFSFactoryActionOption (IN) RiDiHiArPilcDcRo 
cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


Details 


Path of the directory in 
SYN_PATH format. 


String of flags to set. 


The cccFSFactoryActionResult attribute is set to Success if it is successful: otherwise, an error 


displays. 


Notes 


¢ Currently, this action only overwrites the current flags. It does not add to existing flags that 
might already be set, but instead sets the flags to what has been explicitly listed in the 
ceccFSFactoryActionOption attribute. Any flags not specified are cleared. 


¢ The following flags can be set: 
+ Di- delete inhibit 
+ Ri- rename inhibit 
» Hi— hidden 
+ Ar—archive 
+ Pi-— purge immediate 


» Ic—compress immediate 
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¢ Dc- do not compress 
+ Ro-read only 


+ Flag options are case sensitive 


Example 


The following LDIF file shows how to set the rename inhibit and delete inhibit flags for the path 
Server 1/Vol1:path1. 


#Example LDIF for SetFlags Action Object 
version: 1 

dn: cn=setflagstest, ou=ActionObjects,o=org 
changetype: add 

objectClass: cccFSFactoryAction 
cccFSFactoryActionPathl: cn=SERVER1 VOL1,ou=resources, o=org 
O#path1l 

cccFSFactoryActionOption: RiDi 

cccFSFactoryActionOperation: SetFlags 
cocFSFactoryActionTrigger: Ready 


6.1.11 SetOwner 


Description 


The SetOwner operation sets the specified eDirectory object as the owner of Pathl. 


Parameters 


Attribute Value Details 
cccFSFactoryActionOperation (IN) SetOwner 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of the directory in 
SYN_PATH format. 


cccFSFactoryActionTarget (IN) FDN of new owner. 
cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


The cccFSFactoryActionResult attribute is set to Success if it is successful; otherwise, an error 
message displays. 


NOTE: The owner FDN specified for the cccFSFactoryActionTarget attribute should be entered as 


a typeless, dotted, fully distinguished name such as bob.hq.org. 


Example 


The following LDIF file shows how to set bob.hq.org as the owner for the path Server1/Voll :path1. 
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#Example LDIF for SetFlags Action Object 
version: 1 

dn: cn=setownertest, ou=ActionObjects,o=org 
e 

o 

e 


hangetype: add 

bjectClass: cccFSFactoryAction 

ccFSFactoryActionPathl: cn=SERVER1 VOL1,ou=resources,o=org 
O#path1l 

cccFSFactoryActionTarget: bob.hg.org 
cccFSFactoryActionOperation: SetOwner 
cccFSFactoryActionTrigger: Ready 


6.1.12 SetQuota 


Description 


The SetQuota operation is used to set, add, subtract, or clear a directory quota for a given target path. 


Parameters 


Attribute Value Details 


cccFSFactoryActionOperation (IN) SetQuota 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of the directory in 
SYN_PATH format. 
cccFSFactoryActionOption (IN) <Option> SubCmd: 
<SubCmd>#</SubCmd> 
<Quantity>##</ 0 — Clear quota 
cuanta 1 — Set quota 
</Option> 


2 - Add to quota 
3 — Subtract from quota 


Quantity: Integer representing 
quota value in to set, add, or 
remove in megabytes. 


cccFSFactoryActionResult (OUT) Success 


<Error Message> 


Return Values 


The cccFSFactoryActionResult attribute is set to Success if it is successful; otherwise, an error 
message displays. 


NOTE: Depending on the initial quota setting of the target path, the value of <SubCmd> produces 
the results in the table below. 


No Initial Quota NA Initial Quota of 0 MB 
<SubCmd> (Unlimited) Initial Quota of 10 MB (Locked Out) 
0 (clear quota) No quota (unlimited) No quota (unlimited) No quota (unlimited) 
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<SubCmd> A Initial Quota of 10 MB orke Gani 0MB 
1 (set quota) Set to specified Set to specified Set to specified 
<Quantity> <Quantity> <Quantity> 
2 (add quota) No quota (unlimited) Set to <Quantity> +10 Set to 10 MB 
3 (subtract quota) No quota (unlimited) Set to 10 - <Quantity> Left as 0 MB (Locked 
Out) 


if result < = 0, then quota 
set to 0 MB (Locked 
Out) 


If <SubCmd> is set to any value other than 0, 1, 2, or 3, the operation fails and 
cceFSFactoryA ctionResult is set to the error message. 


Example 


The following LDIF file shows how to set a directory quota of 500 MB on the path Server1/ 
Voll:pathl/subpathl. 


#Example LDIF for SetQuota Action Object 

version: 1 

dn: cn=setquotatest, ou=actionObjects,o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cocFSFactoryActionPathl: cn=SERVER1 VOL1,ou<resources, o=org# 
0#/pathl/subpathl 

cccFSFactoryActionOperation: SetQuota 

cccFSFactoryActionOption: <Option><SubCmd>1</SubCmd><Quanti 
ty>500</Quantity></Option> 

cocFSFactoryActionTrigger: Ready 


6.1.13 SetTrustee 


Description 


The SetTrustee operation sets the specified rights for the trustee to the designated path. 


Parameters 


Attribute Value Details 


cccFSFactoryActionOperation (IN) SetTrustee 


cccFSFactoryActionPath1 (IN) VolumeDN#0#/subpath Path of the directory in 
SYN_PATH format. 

cccFSFactoryActionOption (IN) RWCEMFA Specify initials for file system 
rights. 

cccFSFactoryActionTarget (IN) FDN of the new trustee This user will be assigned the 


rights listed in Option to Path1. 
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Attribute Value Details 
cccFSFactoryActionResult (OUT) Success 
<Error Message> 


cccFSFactoryActionTrigger Ready Needed to activate the action 
object. 


Return Values 


The cccFSFactoryActionResult attribute is set to Success if it is successful; otherwise, or an error 
message displays. 


Notes 
¢ The trustee FDN specified for the cccFSFactoryActionTarget attribute should be entered as a 
typeless, dotted, fully distinguished name such as bob.hq.org. 

¢ The rights are a simple text field with each letter representing a specified access control: 
+ R- Read 
+ W- Write 
+ C- Create 
+ E-Crase 
+ M- Modify 
+ F-— File scan 
+ A-— Access control 


¢ SetTrustee overwrites any previous rights a trustee might have had to the specified path. 


Example 


The following LDIF file shows how to set userl.hq.org as a trustee of Server1/Voll :path1/subpath1 
with read and file scan rights. 


#Example LDIF for SetTrustee Action Object 
version: 1 
dn: cn=settrusteetest, ou=actionObjects,o=org 
changetype: add 
objectClass: cccFSFactoryAction 
cccFSFactoryActionPathl: cn=SERVER1 VOL1,ou<resources, o=org# 
0#/pathl/subpathl 
cocFSFactoryActionOperation: SetTrustee 
cocFSFactoryActionOption: RF 
cccFSFactoryActionTarget: userl.hg.org 
cocFSFactoryActionTrigger: Ready 


6.2 Reguired Attributes 


¢ Section 6.2.1, “Trigger,” on page 51 


+ Section 6.2.2, “Operation,” on page 51 
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6.2.1 Trigger 


Description 


The cccFSFactoryActionTrigger attribute is used to notify the Event Monitor that an Action Object 
is ready to be processed. Upon receipt of the event, the Event Monitor notifies the Engine of the 
pending Action Object, and processing of the object's contents starts. 


In order for the Engine to start processing of an Action Object, the trigger value must be set to the 
string value Ready. 


Parameters 

Attribute Value Details 

cccFSFactoryActionTrigger (IN) Ready This is a case-insensitive string 
value set to the string Ready. 

Notes 


» Ifan Action Object must be manually retriggered, be sure to delete the current 
cccF SFactoryActionTrigger value or change it to a different string other than Ready first, apply 
the change, then re-add or modify the attribute to have the trigger of Ready again. 


Failure to perform this as two separate actions may prevent the modification of the trigger 
event from occurring at all, resulting in no event. 


+ The cccFSFactoryActionTrigger attribute is a Case-Ignore-String syntax attribute. As such, the 
trigger value may be all uppercase, lowercase, or any mixture in between. 


Example 


# Example LDIF for CreateDir Action Object with the trigger 
# attribute set 

version: 1 

dn: cn=createdirtest, ou=actionObjects, o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cccFSFactoryActionPathl: cn=SERVER1 VOL1,o=orgHt0+/pathl 
cccFSFactoryActionOperation: CreateDir 
cccFSFactoryActionTrigger: Ready 


6.2.2 Operation 


Description 


The cccFSFactoryActionOperation attribute specifies the type of action to perform, such as 
CreateDir or SetQuota. 
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Parameters 


Attribute Value Details 


cccFSFactoryActionOperation AssignPolicy This is a case-insensitive string 
we ClearTrustee = 

CopyDir 

CopyFile 

CopyTrustee 

CreateDir 

DeleteDir 

DeleteFile 

Rename 

SetFlags 

SetOwner 

SetQuota 


SetTrustee 
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NOTE: he cccFSFactoryActionOperation attribute is a Case-Ignore-String syntax attribute. As 
such, the operation value may be all uppercase, lowercase, or any mixture in between. 


Example 


# Example LDIF for CreateDir Action Object with the operation 
# attribute set 

version: 1 

dn: cn=createdirtest, ou=actionObjects, o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cccFSFactoryActionPathl: cn=SERVER1 VOL1,o0=org#0#/path1l 
cccFSFactoryActionOperation: CreateDir 
cccFSFactoryActionTrigger: Ready 


6.3 Optional Attributes 


The following attributes can be added to any Action Object. 


+ Section 6.3.1, “Execute Time,” on page 53 
+ Section 6.3.2, “Link Next," on page 53 
+ Section 6.3.3, “Cleanup,” on page 55 
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6.3.1 Execute Time 


Description 


The cccFSFactoryActionExecuteTime attribute provides a way to set a deferral time on an action. 
The value for the attribute is an integer based on UNIX time, which is calculated as the number of 
seconds since midnight UTC of January 1, 1970. 


Parameters 

Attribute Value Details 
cccFSFactoryActionExecuteTime O to 231 1 This follows the UNIX time _t standard, 
(IN) indicating the number of seconds since 


midnight UTC Jan. 1, 1970. 


Return Values 


The cccFSFactoryActionResult attribute is set to Success if it is successful; otherwise, an error 
message displays. 


NOTE: The current release does not provide a mechanism for using human readable time-date 
stamps. 


One helpful site for converting time to UNIX time format is found at the Time Stamp Generator 
Web site (http://www.timestampgenerator.com). 


Example 


To set a CreateDir action to take place on February 1, 2009 at 7 pm EST (Eastern Standard Time), 
the corresponding value for the scheduling attribute is 1233532800. 


#Example LDIF for CreateDir Action Object with deferred time 
version: 1 

dn: cn=createdirtest, ou=actionObjects, o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cccFSFactoryActionPathl: cn=SERVER1 VOL1,o=orgHt0+/pathl 
cocFSFactoryActionExecuteTime: 1233532800 
cocFSFactoryActionOperation: CreateDir 
cocFSFactoryActionTrigger: Ready 


6.3.2 Link Next 


Description 


The cccFSFactoryActionLinkNext attribute sets the next Action Object to process after the current 
one. 
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Parameters 
Attribute Value Details 
cccFSFactoryActionLinkNext <Link> Process: 
<Process> 0 | 1 </ l 
Precašsš 0 Z Engine processes the next 
<NextAction> [FDN] </ Action Object trigger. 
a aaa 1 — External processing of the 
See next Action Object trigger. 
NextAction: 
Dotted, typeless, fully 
distinguished name of the next 
action object to trigger. 
Notes 


+ If the attribute is present, the Engine tries to process any valid <NextAction> tags. 


+ Ifthe value of <Process> is set to anything other than 0, the attribute is left alone. This is 
useful for cases where an external system such as Novell Identity Manager will drive the 
triggering of the next linked action. 


Example 


The following example shows how to link a CreateDir action to a SetTrustee action that follows it: 


#Example LDIF for CreateDir Action Object with deferred time 
version: 1 

dn: cn=createdir-1, ou=actions, o=org 

changetype: add 

objectClass: cccFSFactoryAction 
cccFSFactoryActionPathl: cn=SERVER1 VOL1,o0=org#0#/path1l 
cccFSFactoryActionLinkNext: <Link><Process>0</Process> 
<NextAction>cn=trustee-1,ou=actions,o=org</NextAction> 
</Link> 

cccFSFactoryActionOperation: CreateDir 
cccFSFactoryActionTrigger: Ready 


dn: cn=settrustee-1, ou=actions,o=org 

changetype: add 

objectClass: cccFSFactoryAction 

cccFSFactoryActionPathl: cn=SERVER1 VOL1,ou<resources, o=org# 
0#/pathl/subpathl 

cccFSFactoryActionOperation: SetTrustee 

cccFSFactoryActionOption: RF 

cccFSFactoryActionTarget: userl.hq.org 
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NOTE: Only the first action in the sequence should have the cccFSFactoryActionTrigger attribute 
set to Ready. 
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6.3.3 Cleanup 


Description 


The cccFSFactoryActionCleanup attribute specifies whether the Action Object should be deleted 
from eDirectory after processing for it has completed. 


Parameters 
Attribute Value Details 
cccFSFactoryActionCleanup [ System | System - the Engine will delete the action 


OnSuccess ] object unconditionally at the end of processing, 
whether or not the defined action completed 
with a result of "Success". 


OnSuccess — the Engine will delete the action 
object only if its action has completed with a 
result of "Success".. 


Any other value, or absence of the attribute 
leaves the Action Object behind. 


NOTE: Once the Engine has verified the trigger on an Action Object, it is eligible for automatic 


cleanup regardless of whether the defined action is successful or not. 


#Example LDIF for CreateDir Action Object with cleanup 
version: 1 

dn: cn=createdir-1,ou=actions, o=org 

changetype: add 

objectClass: cccFSFactoryAction 
cccFSFactoryActionPathl: cn=SERVER1 VOL1,o=orgHt0+/pathl 
cccFSFactoryActionCleanup: Syste 
cccFSFactoryActionOperation: CreateDir 
cocFSFactoryActionTrigger: Ready 


Actions Reference 


55 


OLOZ Menuer ; (ua) xooprou 


56 Novell Storage Manager 3.0.1 for eDirectory Action Object Reference Guide 


OLOg Auenuer / (ua) xooprou 


Schema Extensions 


Table 7-1 Schema Extensions 


Attribute 


cccFSFactoryActionCleanup 


cccFSFactoryActionExecuteTime 


cccF SFactoryActionLinkNext 


cccFSFactoryActionOperation 


cccFSFactoryActionOption 


cccFSFactoryActionPath1 


cccFSFactoryActionPath2 


cccFSFactoryActionResult 


cccFSFactoryActionStatus 


cccFSFactoryActionTarget 


Properties 
SYN_CI_STRING 
Single-valued 
Sync immediate 


SYN_INTERVAL 


SYN CI STRING 
Single-valued 
Sync immediate 
SYN CI STRING 
Single-valued 
Sync immediate 
SYN CI STRING 
Single-valued 
Sync immediate 
SYN PATH 
Single-valued 
Sync immediate 
SYN CI STRING 
Single-valued 
Sync immediate 
SYN CI STRING 
Single-valued 
Sync immediate 
SYN CI STRING 
Single-valued 
Sync immediate 
SYN CI STRING 
Single-valued 


Sync immediate 


Notes 


Indicates whether the Engine 
should delete the action object 
upon completion of the 
command. 


Specifies date and time to defer 
Action Object processing. 


Placeholder for link reference 
used with Action Object chaining. 


Required attribute which 
determines what type of action to 
perform. 


Attribute providing optional 
parameters needed for some 
operations. 


Primary target path for many 
operations. When two paths are 
specified, this path is generally is 
used as the source path. 


Secondary path, typically used as 
a destination path. 


Operation result message. This 
attribute should only be set by the 
Engine. 


System maintained attribute for 
operation status. 


Optional parameter needed for 
some operations. Generally this 
is used as a FDN reference to 
some other object in the tree. 
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Attribute Properties Notes 
cccFSFactoryActionTrigger SYN_CI_STRING Set to the value “Ready” when an 


action object is ready for 


Single-valued processing. 


Sync immediate 
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Release Notes 


+ CopyDir has been updated to include parameters for overwrite options. 
» DeleteDir has been updated to include parameters for aggression level. 
» The CopyFile and DeleteFile actions have been added. 


» Redrive capability has been added to Action Object processing. Any invalid parameters that 
are caught before actual action processing flag the event as "redrivable", so that adjustments to 
the Action Object data can be made and re-processed from with the NSMAdmin Pending 
Events interface without the need to reset the trigger. 


¢ Installation no longer extends the schema with the following unused or obsolete attributes: 
ceccF SFactoryActionLinkStart, cecFSFactoryA ctionExecuteOption, 
ceccF SFactoryActionAssociation. cccFSFactoryActionControl. 


+ Certain events, such as CopyDir and CopyFile, may generate secondary dependent events such 
as GenericCopyData which are eligible for Agent delegation. 
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